Introduction

Every day, cyber-attacks against government and commercial computer networks number in the millions. According to U.S.  Cyber Command, Pentagon systems are probed 250,000 times per hour. Similar attacks are becoming more prevalent on other kinds of information-based smart networks as well, such as those that operate buildings and utility systems. Whether the objective is to steal intellectual property or halt operations, the tools and the techniques used for unauthorized network access are increasingly sophisticated.

Connectivity—why do we need to address  cybersecurity  for industrial  control systems (ICS)?

There is increasing concern regarding cybersecurity across industries where companies are steadily integrating field devices into enterprise- wide information systems. This occurs in discrete manufacturing and process industrial environments, a wide range of general and specific purpose commercial buildings, and even utility networks. Traditionally, electrical systems were controlled through serial devices connected to computers via dedicated transceivers with proprietary protocols. In contrast, today’s control systems are increasingly connected to larger enterprise networks, which can expose these systems to similar vulnerabilities that are typically found in computer systems.

The differences between information technology (IT) and ICS networks can be summarized as follows:

  • The main focus of the IT network is to ensure the confidentiality and the integrity of the data using rigorous access control and data encryption
  • The main focus of the ICS network is safety, availability, and integrity of data
  • Enterprise security protects the servers’ data from attack
  • Control system security protects the facility’s ability to safely and securely operate, regardless of what may befall the rest of the network

Cybersecurity threat vectors

Cybersecurity threat vectors are paths or tools that an entity can use to gain access to a device or a control network in order to deliver a malicious attack. Figure 1 shows examples of attack vectors on a network that might otherwise seem secure.

The paths in Figure 1 include:

  • External users accessing the network through the Internet
  • Misconfigured firewalls
  • Unsecure wireless routers and wired modems
  • Infected laptops located elsewhere that can access the network behind the firewall
  • Infected USB keys and PLC logic programs
  • Unsecure RS-232 serial links

The most common malicious attacks come in the following forms:

  • Virus—a software program that spreads from one device to another, affecting operation
  • Trojan horse—a malicious device program that hides inside other programs and provides access to that device
  • Worm—a device program that spreads without user interaction and affects the stability and performance of the ICS network
  • Spyware—a device program that changes the configuration of a device (Read more)